WIP: create an osc container for package maintenance

src/bci_build/package/__init__.py

@@ -1422,6 +1422,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 from .appcontainers import MARIADB_CLIENT_CONTAINERS  # noqa: E402
 from .appcontainers import MARIADB_CONTAINERS  # noqa: E402
 from .appcontainers import NGINX_CONTAINERS  # noqa: E402
+from .appcontainers import OSC_CONTAINER  # noqa: E402
 from .appcontainers import PCP_CONTAINERS  # noqa: E402
 from .appcontainers import POSTGRES_CONTAINERS  # noqa: E402
 from .appcontainers import PROMETHEUS_CONTAINERS  # noqa: E402
@@ -1488,6 +1489,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
         GITEA_RUNNER_CONTAINER,
         *TOMCAT_CONTAINERS,
         *GCC_CONTAINERS,
+        OSC_CONTAINER,
     )
 }
 

src/bci_build/package/appcontainers.py

@@ -18,6 +18,7 @@
 from bci_build.package import SupportLevel
 from bci_build.package import _build_tag_prefix
 from bci_build.package import generate_disk_size_constraints
+from bci_build.package.basecontainers import _get_os_container_package_names
 
 _PCP_FILES = {}
 for filename in (
@@ -808,3 +809,73 @@ def _get_nginx_kwargs(os_version: OsVersion):
     )
     for tomcat_major, os_version in product(_TOMCAT_VERSIONS, ALL_BASE_OS_VERSIONS)
 ]
+
+
+OSC_CONTAINER = ApplicationStackContainer(
+    name="osc",
+    pretty_name="Packaging",
+    package_name="packaging-image",
+    os_version=OsVersion.TUMBLEWEED,
+    is_latest=True,
+    version_in_uid=False,
+    version="%%osc_version%%",
+    replacements_via_service=[
+        Replacement(regex_in_build_description="%%osc_version%%", package_name="osc")
+    ],
+    extra_files={
+        "entrypoint.sh": (Path(__file__).parent / "osc" / "entrypoint.sh").read_bytes()
+    },
+    package_list=[
+        "osc",
+        "obs-service-appimage",
+        "obs-service-cargo",
+        "obs-service-cdi_containers_meta",
+        "obs-service-compose_kiwi_description",
+        "obs-service-docker_label_helper",
+        "obs-service-download_assets",
+        "obs-service-download_files",
+        "obs-service-download_url",
+        "obs-service-extract_file",
+        "obs-service-format_spec_file",
+        "obs-service-go_modules",
+        "obs-service-kiwi_label_helper",
+        "obs-service-kiwi_metainfo_helper",
+        "obs-service-kubevirt_containers_meta",
+        "obs-service-node_modules",
+        "obs-service-obs_scm",
+        "cpio",
+        "obs-service-product_converter",
+        "obs-service-recompress",
+        "obs-service-refresh_patches",
+        "obs-service-replace_using_env",
+        "obs-service-replace_using_package_version",
+        "obs-service-set_version",
+        "obs-service-snapcraft",
+        "obs-service-source_validator",
+        "obs-service-tar",
+        "obs-service-tar_scm",
+        "obs-service-verify_file",
+        *_get_os_container_package_names(OsVersion.TUMBLEWEED),
+        "git",
+        "openssh-common",
+        "openssh-clients",
+    ],
+    cmd=["/bin/bash"],
+    custom_end="""WORKDIR /root/osc-workdir
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+""",
+    entrypoint=["/usr/local/bin/entrypoint.sh"],
+    volumes=[
+        # default location of the build root & package cache
+        "/var/tmp"
+    ],
+)
+
+_BASE_PODMAN_CMD = "podman run run --rm -it -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z"
+_ref = OSC_CONTAINER.reference.replace("-%RELEASE%", "")
+
+OSC_CONTAINER.extra_labels = {
+    "run": f"{_BASE_PODMAN_CMD} {_ref}",
+    "runcwd": f"{_BASE_PODMAN_CMD} -v .:/root/osc-workdir:z {_ref}",
+}

src/bci_build/package/osc/README.md.j2

@@ -0,0 +1,61 @@
+# Packaging Container
+
+This is the openSUSE packaging container image, it includes all the necessary
+software to create and modify packages on the [Open Build
+Service](https://build.opensuse.org/) using
+[osc](https://github.com/openSUSE/osc/).
+
+
+## How to use this container image
+
+This container image is intended for interactive usage with your `.oscrc` and
+the osc cookiejar mounted into the container:
+
+```ShellSession
+# podman run --rm -it \
+      -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+      -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:rw,z \
+      {{ image.reference }}
+```
+
+The above command launches an interactive shell where your local osc config will
+be used. You can then proceed to checkout packages, perform modifications and
+send submissions to OBS.
+
+To work on an already checked out package, mount the current working directory
+as well:
+
+```ShellSession
+# podman run --rm -it \
+      -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+      -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z \
+      -v .:/root/osc-workdir:z \
+      {{ image.reference }}
+```
+
+### Connecting to build.suse.de
+
+build.suse.de uses a ssh based authentication and thus requires additional
+resources to be available in the container:
+
+```ShellSession
+# podman run --rm -it \
+      -v ~/.config/osc/oscrc:/root/.config/osc/oscrc:ro,z \
+      -v ~/.local/state/osc/cookiejar:/root/.local/state/osc/cookiejar:z \
+      -v /etc/ssl/ca-bundle.pem:/etc/ssl/ca-bundle.pem:ro,z \
+      -v $SSH_AUTH_SOCK:/run/user/0/ssh-agent.socket:z \
+      -e SSH_AUTH_SOCK=/var/run/user/0/ssh-agent.socket:z \
+      -v "$PWD":/root/osc-workdir:z \
+      {{ image.reference }}
+```
+
+
+## Limitations
+
+- It is currently not possible to build packages in a container.
+
+
+## Volumes
+
+The container image is preconfigured to put `/var/tmp` into a volume. This
+directory is used by `osc` to store the buildroot and the package cache.

src/bci_build/package/osc/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [[ ! -e /root/.config/osc/oscrc ]]; then
+    cat << EOF
+This container is expected to be launched with your oscrc mounted to
+/root/.config/osc/oscrc
+
+Please consult the README or the label 'run' for the full invocation.
+EOF
+fi
+
+
+exec "$@"